The goal of every project is to perform a security assessment that helps the organization understand its current security posture and identify potential weaknesses.
The scope of work involves a complete assessment of the information security posture of the Customer’s network covering, but not limited to, the scope that the Client asked for. The assessment approach should start as black box and move to grey box and white box depending on the progress of the vendor and the vulnerabilities that can be exploited. Project scope also includes the configuration review for the chosen number of routers.
Phase 1: Reconnaissance
The black hat uses a variety of sources to learn as much as possible about the target business and how it operates, including:
The activities in this phase are not easy to defend against. Information about an organization finds its way to the Internet via various routes. Employees are often easily tricked into providing tidbits of information which, over time, build a complete picture of processes, organizational structure, and potential soft spots.
Phase 2: Scanning
The objective of this test is to ascertain the possibility for anyone who is part of a trusted source to get into the network through and to determine how far he or she can get in if they gained access. A detailed security analysis is to be carried out on the servers and network assets that are accessible through the trusted source, in order to verify the security that is in place (methodology, tools, detailed testing steps, and sample findings reports will be presented to the Customer). Testing will begin without initial privileges, but reviewing the configuration during the project requires the appropriate privileges; we expect that the Customer will provide such privileges in 30% of the internal and external penetration testing project phase.
Once the attacker has enough information to understand how the business works and what information of value might be available, he or she begins scanning perimeter and internal network devices for weaknesses, including:
Scans of perimeter and internal devices can often be detected with intrusion detection (IDS) or intrusion prevention (IPS) solutions, but not always. Scanning takes place for both internal and external environments.
Phase 3: Gaining Access
The objective of the External Penetration Test is to ascertain the possibility for anyone from outside to get into the network through the Internet and to determine how far they can get in if they gained access.
The objective of the Internal Penetration Test is to ascertain the possibility for anyone who is part of a trusted source (part of the government network/internal network) to get into the network through and to determine how far he or she can get in if they gained access.
The following steps are performed:
Detect anomalous network or server behavior, including traffic mix per time interval.
Phase 4: Writing documentation
As a result of the project, a set of documents will be created. These documents should be accepted by the Requestor and will include:
Executive System Security Report, a high-level overview for Management. This report will include recommendations about further development of the System.
Technical System Security Report, a database of the vulnerabilities detected, their interpretation, and proposed countermeasures. The technical report will include lists of audited systems, vulnerabilities detected, data gathered during the project, and a proposal of technical solutions that can be used in securing and further developing the System.